CVE-2021-29968
https://notcve.org/view.php?id=CVE-2021-29968
When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1. Al dibujar texto en un lienzo con WebRender desactivado, podía producirse una lectura fuera de los límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1712047 https://www.mozilla.org/security/advisories/mfsa2021-27 • CWE-125: Out-of-bounds Read •
CVE-2021-30547 – chromium-browser: Out of bounds write in ANGLE
https://notcve.org/view.php?id=CVE-2021-30547
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una escritura fuera de límites en ANGLE en Google Chrome versiones anteriores a 91.0.4472.101 permitía a un atacante remoto potencialmente llevar a cabo un acceso a la memoria fuera de límites por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html https://crbug.com/1210414 https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/gl • CWE-787: Out-of-bounds Write •
CVE-2021-29959
https://notcve.org/view.php?id=CVE-2021-29959
When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. Cuando un usuario ya ha permitido a un sitio web acceder al micrófono y a la cámara, la desactivación del uso compartido de la cámara no impedía completamente que el sitio web volviera a activarlo sin una solicitud adicional. Esto sólo era posible si el sitio web seguía grabando con el micrófono hasta volver a habilitar la cámara. • https://bugzilla.mozilla.org/show_bug.cgi?id=1395819 https://security.gentoo.org/glsa/202107-09 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-863: Incorrect Authorization •
CVE-2021-29966
https://notcve.org/view.php?id=CVE-2021-29966
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. Los desarrolladores de Mozilla han reportado bugs de seguridad de memoria presentes en Firefox versión 88. Algunos de estos bugs mostraban evidencias de corrupción de memoria y presumimos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1660307%2C1686154%2C1702948%2C1708124 https://security.gentoo.org/glsa/202107-09 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-787: Out-of-bounds Write •
CVE-2021-29960
https://notcve.org/view.php?id=CVE-2021-29960
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. Firefox solía almacenar en caché el último nombre de archivo utilizado para imprimir un archivo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1675965 https://security.gentoo.org/glsa/202107-09 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-669: Incorrect Resource Transfer Between Spheres •